Browse Source

Implement add_key, keyctl, and request_key decoding

* keyctl.c: New file.
* linux/keyctl.h: Likewise.
* Makefile.am (strace_SOURCES): Add keyctl.c.
(EXTRA_DIST): Add linux/keyctl.h.
* linux/dummy.h (sys_add_key, sys_keyctl, sys_request_key): Remove.
* linux/syscall.h (sys_add_key, sys_keyctl, sys_request_key): New
prototypes.
Dmitry V. Levin 6 years ago
parent
commit
3acf4035ea
5 changed files with 521 additions and 3 deletions
  1. 2
    0
      Makefile.am
  2. 455
    0
      keyctl.c
  3. 0
    3
      linux/dummy.h
  4. 61
    0
      linux/keyctl.h
  5. 3
    0
      linux/syscall.h

+ 2
- 0
Makefile.am View File

@@ -28,6 +28,7 @@ strace_SOURCES =	\
28 28
 	ioprio.c	\
29 29
 	ipc.c		\
30 30
 	kexec.c		\
31
+	keyctl.c	\
31 32
 	loop.c		\
32 33
 	mem.c		\
33 34
 	mtd.c		\
@@ -115,6 +116,7 @@ EXTRA_DIST =				\
115 116
 	linux/ioctlent.sh		\
116 117
 	linux/ioctlsort.c		\
117 118
 	linux/kexec.h			\
119
+	linux/keyctl.h			\
118 120
 	linux/m68k/ioctlent.h.in	\
119 121
 	linux/m68k/syscallent.h		\
120 122
 	linux/metag/ioctlent.h.in	\

+ 455
- 0
keyctl.c View File

@@ -0,0 +1,455 @@
1
+#include "defs.h"
2
+#include <linux/keyctl.h>
3
+
4
+typedef int32_t key_serial_t;
5
+
6
+static const struct xlat key_spec[] = {
7
+	XLAT(KEY_SPEC_THREAD_KEYRING),
8
+	XLAT(KEY_SPEC_PROCESS_KEYRING),
9
+	XLAT(KEY_SPEC_SESSION_KEYRING),
10
+	XLAT(KEY_SPEC_USER_KEYRING),
11
+	XLAT(KEY_SPEC_USER_SESSION_KEYRING),
12
+	XLAT(KEY_SPEC_GROUP_KEYRING),
13
+	XLAT(KEY_SPEC_REQKEY_AUTH_KEY),
14
+	XLAT(KEY_SPEC_REQUESTOR_KEYRING),
15
+	XLAT_END
16
+};
17
+
18
+static void
19
+print_keyring_serial_number(key_serial_t id)
20
+{
21
+	const char *str = xlookup(key_spec, id);
22
+
23
+	if (str)
24
+		tprints(str);
25
+	else
26
+		tprintf("%d", id);
27
+}
28
+
29
+int
30
+sys_add_key(struct tcb *tcp)
31
+{
32
+	if (entering(tcp)) {
33
+		/* type */
34
+		printstr(tcp, tcp->u_arg[0], -1);
35
+		/* description */
36
+		tprints(", ");
37
+		printstr(tcp, tcp->u_arg[1], -1);
38
+		/* payload */
39
+		tprints(", ");
40
+		printstr(tcp, tcp->u_arg[2], tcp->u_arg[3]);
41
+		/* payload length */
42
+		tprintf(", %lu, ", tcp->u_arg[3]);
43
+		/* keyring serial number */
44
+		print_keyring_serial_number(tcp->u_arg[4]);
45
+	}
46
+	return 0;
47
+}
48
+
49
+int
50
+sys_request_key(struct tcb *tcp)
51
+{
52
+	if (entering(tcp)) {
53
+		/* type */
54
+		printstr(tcp, tcp->u_arg[0], -1);
55
+		/* description */
56
+		tprints(", ");
57
+		printstr(tcp, tcp->u_arg[1], -1);
58
+		/* callout_info */
59
+		tprints(", ");
60
+		printstr(tcp, tcp->u_arg[2], -1);
61
+		/* keyring serial number */
62
+		tprints(", ");
63
+		print_keyring_serial_number(tcp->u_arg[3]);
64
+	}
65
+	return 0;
66
+}
67
+
68
+static int
69
+keyctl_get_keyring_id(struct tcb *tcp, key_serial_t id, int create)
70
+{
71
+	if (entering(tcp)) {
72
+		tprints(", ");
73
+		print_keyring_serial_number(id);
74
+		tprintf(", %d", create);
75
+	}
76
+	return 0;
77
+}
78
+
79
+static int
80
+keyctl_join_session_keyring(struct tcb *tcp, long addr)
81
+{
82
+	if (entering(tcp)) {
83
+		tprints(", ");
84
+		printstr(tcp, addr, -1);
85
+	}
86
+	return 0;
87
+}
88
+
89
+static int
90
+keyctl_update_key(struct tcb *tcp, key_serial_t id, long addr, long len)
91
+{
92
+	if (entering(tcp)) {
93
+		tprints(", ");
94
+		print_keyring_serial_number(id);
95
+		tprints(", ");
96
+		printstr(tcp, addr, len);
97
+		tprintf(", %lu", len);
98
+	}
99
+	return 0;
100
+}
101
+
102
+static int
103
+keyctl_handle_key(struct tcb *tcp, key_serial_t id)
104
+{
105
+	if (entering(tcp)) {
106
+		tprints(", ");
107
+		print_keyring_serial_number(id);
108
+	}
109
+	return 0;
110
+}
111
+
112
+static int
113
+keyctl_handle_key_key(struct tcb *tcp, key_serial_t id1, key_serial_t id2)
114
+{
115
+	if (entering(tcp)) {
116
+		tprints(", ");
117
+		print_keyring_serial_number(id1);
118
+		tprints(", ");
119
+		print_keyring_serial_number(id2);
120
+	}
121
+	return 0;
122
+}
123
+
124
+static int
125
+keyctl_read_key(struct tcb *tcp, key_serial_t id, long addr, long len)
126
+{
127
+	if (entering(tcp)) {
128
+		tprints(", ");
129
+		print_keyring_serial_number(id);
130
+		tprints(", ");
131
+	} else {
132
+		if (addr && syserror(tcp))
133
+			tprintf("%#lx", addr);
134
+		else {
135
+			long rval = tcp->u_rval > len ?
136
+				    len : (tcp->u_rval ? -1 : 0);
137
+			printstr(tcp, addr, rval);
138
+		}
139
+		tprintf(", %lu", len);
140
+	}
141
+	return 0;
142
+}
143
+
144
+static int
145
+keyctl_keyring_search(struct tcb *tcp, key_serial_t id1, long addr1,
146
+		      long addr2, key_serial_t id2)
147
+{
148
+	if (entering(tcp)) {
149
+		tprints(", ");
150
+		print_keyring_serial_number(id1);
151
+		tprints(", ");
152
+		printstr(tcp, addr1, -1);
153
+		tprints(", ");
154
+		printstr(tcp, addr2, -1);
155
+		tprints(", ");
156
+		print_keyring_serial_number(id2);
157
+	}
158
+	return 0;
159
+}
160
+
161
+static int
162
+keyctl_chown_key(struct tcb *tcp, key_serial_t id, int user, int group)
163
+{
164
+	if (entering(tcp)) {
165
+		tprints(", ");
166
+		print_keyring_serial_number(id);
167
+		tprintf(", %d, %d", user, group);
168
+	}
169
+	return 0;
170
+}
171
+
172
+static int
173
+keyctl_instantiate_key(struct tcb *tcp, key_serial_t id1, long addr,
174
+		       long len, key_serial_t id2)
175
+{
176
+	if (entering(tcp)) {
177
+		tprints(", ");
178
+		print_keyring_serial_number(id1);
179
+		tprints(", ");
180
+		printstr(tcp, addr, len);
181
+		tprintf(", %lu, ", len);
182
+		print_keyring_serial_number(id2);
183
+	}
184
+	return 0;
185
+}
186
+
187
+static int
188
+keyctl_instantiate_key_iov(struct tcb *tcp, key_serial_t id1,
189
+			   long addr, long len, key_serial_t id2)
190
+{
191
+	if (entering(tcp)) {
192
+		tprints(", ");
193
+		print_keyring_serial_number(id1);
194
+		tprints(", ");
195
+		tprint_iov(tcp, len, addr, 1);
196
+		tprintf(", %lu, ", len);
197
+		print_keyring_serial_number(id2);
198
+	}
199
+	return 0;
200
+}
201
+
202
+static int
203
+keyctl_negate_key(struct tcb *tcp, key_serial_t id1, unsigned timeout,
204
+		  key_serial_t id2)
205
+{
206
+	if (entering(tcp)) {
207
+		tprints(", ");
208
+		print_keyring_serial_number(id1);
209
+		tprintf(", %u, ", timeout);
210
+		print_keyring_serial_number(id2);
211
+	}
212
+	return 0;
213
+}
214
+
215
+static int
216
+keyctl_reject_key(struct tcb *tcp, key_serial_t id1, unsigned timeout,
217
+		  unsigned error, key_serial_t id2)
218
+{
219
+	if (entering(tcp)) {
220
+		tprints(", ");
221
+		print_keyring_serial_number(id1);
222
+		tprintf(", %u, %u, ", timeout, error);
223
+		print_keyring_serial_number(id2);
224
+	}
225
+	return 0;
226
+}
227
+
228
+static int
229
+keyctl_set_timeout(struct tcb *tcp, key_serial_t id, unsigned timeout)
230
+{
231
+	if (entering(tcp)) {
232
+		tprints(", ");
233
+		print_keyring_serial_number(id);
234
+		tprintf(", %u", timeout);
235
+	}
236
+	return 0;
237
+}
238
+
239
+static int
240
+keyctl_get_persistent(struct tcb *tcp, int uid, key_serial_t id)
241
+{
242
+	if (entering(tcp)) {
243
+		tprintf(", %d, ", uid);
244
+		print_keyring_serial_number(id);
245
+	}
246
+	return 0;
247
+}
248
+
249
+#define KEY_POS_VIEW	0x01000000
250
+#define KEY_POS_READ	0x02000000
251
+#define KEY_POS_WRITE	0x04000000
252
+#define KEY_POS_SEARCH	0x08000000
253
+#define KEY_POS_LINK	0x10000000
254
+#define KEY_POS_SETATTR	0x20000000
255
+#define KEY_POS_ALL	0x3f000000
256
+#define KEY_USR_VIEW	0x00010000
257
+#define KEY_USR_READ	0x00020000
258
+#define KEY_USR_WRITE	0x00040000
259
+#define KEY_USR_SEARCH	0x00080000
260
+#define KEY_USR_LINK	0x00100000
261
+#define KEY_USR_SETATTR	0x00200000
262
+#define KEY_USR_ALL	0x003f0000
263
+#define KEY_GRP_VIEW	0x00000100
264
+#define KEY_GRP_READ	0x00000200
265
+#define KEY_GRP_WRITE	0x00000400
266
+#define KEY_GRP_SEARCH	0x00000800
267
+#define KEY_GRP_LINK	0x00001000
268
+#define KEY_GRP_SETATTR	0x00002000
269
+#define KEY_GRP_ALL	0x00003f00
270
+#define KEY_OTH_VIEW	0x00000001
271
+#define KEY_OTH_READ	0x00000002
272
+#define KEY_OTH_WRITE	0x00000004
273
+#define KEY_OTH_SEARCH	0x00000008
274
+#define KEY_OTH_LINK	0x00000010
275
+#define KEY_OTH_SETATTR	0x00000020
276
+#define KEY_OTH_ALL	0x0000003f
277
+
278
+static const struct xlat key_perms[] = {
279
+	XLAT(KEY_POS_VIEW),
280
+	XLAT(KEY_POS_READ),
281
+	XLAT(KEY_POS_WRITE),
282
+	XLAT(KEY_POS_SEARCH),
283
+	XLAT(KEY_POS_LINK),
284
+	XLAT(KEY_POS_SETATTR),
285
+	XLAT(KEY_POS_ALL),
286
+	XLAT(KEY_USR_VIEW),
287
+	XLAT(KEY_USR_READ),
288
+	XLAT(KEY_USR_WRITE),
289
+	XLAT(KEY_USR_SEARCH),
290
+	XLAT(KEY_USR_LINK),
291
+	XLAT(KEY_USR_SETATTR),
292
+	XLAT(KEY_USR_ALL),
293
+	XLAT(KEY_GRP_VIEW),
294
+	XLAT(KEY_GRP_READ),
295
+	XLAT(KEY_GRP_WRITE),
296
+	XLAT(KEY_GRP_SEARCH),
297
+	XLAT(KEY_GRP_LINK),
298
+	XLAT(KEY_GRP_SETATTR),
299
+	XLAT(KEY_GRP_ALL),
300
+	XLAT(KEY_OTH_VIEW),
301
+	XLAT(KEY_OTH_READ),
302
+	XLAT(KEY_OTH_WRITE),
303
+	XLAT(KEY_OTH_SEARCH),
304
+	XLAT(KEY_OTH_LINK),
305
+	XLAT(KEY_OTH_SETATTR),
306
+	XLAT(KEY_OTH_ALL),
307
+	XLAT_END
308
+};
309
+
310
+static int
311
+keyctl_setperm_key(struct tcb *tcp, key_serial_t id, uint32_t perm)
312
+{
313
+	if (entering(tcp)) {
314
+		tprints(", ");
315
+		print_keyring_serial_number(id);
316
+		tprints(", ");
317
+		printflags(key_perms, perm, "KEY_???");
318
+	}
319
+	return 0;
320
+}
321
+
322
+static const struct xlat key_reqkeys[] = {
323
+	XLAT(KEY_REQKEY_DEFL_NO_CHANGE),
324
+	XLAT(KEY_REQKEY_DEFL_DEFAULT),
325
+	XLAT(KEY_REQKEY_DEFL_THREAD_KEYRING),
326
+	XLAT(KEY_REQKEY_DEFL_PROCESS_KEYRING),
327
+	XLAT(KEY_REQKEY_DEFL_SESSION_KEYRING),
328
+	XLAT(KEY_REQKEY_DEFL_USER_KEYRING),
329
+	XLAT(KEY_REQKEY_DEFL_USER_SESSION_KEYRING),
330
+	XLAT(KEY_REQKEY_DEFL_GROUP_KEYRING),
331
+	XLAT(KEY_REQKEY_DEFL_REQUESTOR_KEYRING),
332
+	XLAT_END
333
+};
334
+
335
+static int
336
+keyctl_set_reqkey_keyring(struct tcb *tcp, int reqkey)
337
+{
338
+	if (entering(tcp)) {
339
+		tprints(", ");
340
+		printxval(key_reqkeys, reqkey, "KEY_REQKEY_DEFL_???");
341
+	}
342
+	return 0;
343
+}
344
+
345
+static const struct xlat keyctl_commands[] = {
346
+	XLAT(KEYCTL_GET_KEYRING_ID),
347
+	XLAT(KEYCTL_JOIN_SESSION_KEYRING),
348
+	XLAT(KEYCTL_UPDATE),
349
+	XLAT(KEYCTL_REVOKE),
350
+	XLAT(KEYCTL_CHOWN),
351
+	XLAT(KEYCTL_SETPERM),
352
+	XLAT(KEYCTL_DESCRIBE),
353
+	XLAT(KEYCTL_CLEAR),
354
+	XLAT(KEYCTL_LINK),
355
+	XLAT(KEYCTL_UNLINK),
356
+	XLAT(KEYCTL_SEARCH),
357
+	XLAT(KEYCTL_READ),
358
+	XLAT(KEYCTL_INSTANTIATE),
359
+	XLAT(KEYCTL_NEGATE),
360
+	XLAT(KEYCTL_SET_REQKEY_KEYRING),
361
+	XLAT(KEYCTL_SET_TIMEOUT),
362
+	XLAT(KEYCTL_ASSUME_AUTHORITY),
363
+	XLAT(KEYCTL_GET_SECURITY),
364
+	XLAT(KEYCTL_SESSION_TO_PARENT),
365
+	XLAT(KEYCTL_REJECT),
366
+	XLAT(KEYCTL_INSTANTIATE_IOV),
367
+	XLAT(KEYCTL_INVALIDATE),
368
+	XLAT(KEYCTL_GET_PERSISTENT),
369
+	XLAT_END
370
+};
371
+
372
+int
373
+sys_keyctl(struct tcb *tcp)
374
+{
375
+	int cmd = tcp->u_arg[0];
376
+
377
+	if (entering(tcp))
378
+		printxval(keyctl_commands, cmd, "KEYCTL_???");
379
+
380
+	switch (cmd) {
381
+	case KEYCTL_GET_KEYRING_ID:
382
+		return keyctl_get_keyring_id(tcp, tcp->u_arg[1], tcp->u_arg[2]);
383
+
384
+	case KEYCTL_JOIN_SESSION_KEYRING:
385
+		return keyctl_join_session_keyring(tcp, tcp->u_arg[1]);
386
+
387
+	case KEYCTL_UPDATE:
388
+		return keyctl_update_key(tcp, tcp->u_arg[1],
389
+					 tcp->u_arg[2], tcp->u_arg[3]);
390
+
391
+	case KEYCTL_REVOKE:
392
+	case KEYCTL_CLEAR:
393
+	case KEYCTL_INVALIDATE:
394
+	case KEYCTL_ASSUME_AUTHORITY:
395
+		return keyctl_handle_key(tcp, tcp->u_arg[1]);
396
+
397
+	case KEYCTL_LINK:
398
+	case KEYCTL_UNLINK:
399
+		return keyctl_handle_key_key(tcp, tcp->u_arg[1], tcp->u_arg[2]);
400
+
401
+	case KEYCTL_DESCRIBE:
402
+	case KEYCTL_READ:
403
+	case KEYCTL_GET_SECURITY:
404
+		return keyctl_read_key(tcp, tcp->u_arg[1],
405
+				       tcp->u_arg[2], tcp->u_arg[3]);
406
+
407
+	case KEYCTL_SEARCH:
408
+		return keyctl_keyring_search(tcp, tcp->u_arg[1], tcp->u_arg[2],
409
+					     tcp->u_arg[3], tcp->u_arg[4]);
410
+
411
+	case KEYCTL_CHOWN:
412
+		return keyctl_chown_key(tcp, tcp->u_arg[1],
413
+					tcp->u_arg[2], tcp->u_arg[3]);
414
+
415
+	case KEYCTL_SETPERM:
416
+		return keyctl_setperm_key(tcp, tcp->u_arg[1], tcp->u_arg[2]);
417
+
418
+	case KEYCTL_INSTANTIATE:
419
+		return keyctl_instantiate_key(tcp, tcp->u_arg[1], tcp->u_arg[2],
420
+					      tcp->u_arg[3], tcp->u_arg[4]);
421
+
422
+	case KEYCTL_NEGATE:
423
+		return keyctl_negate_key(tcp, tcp->u_arg[1],
424
+					 tcp->u_arg[2], tcp->u_arg[3]);
425
+
426
+	case KEYCTL_SET_REQKEY_KEYRING:
427
+		return keyctl_set_reqkey_keyring(tcp, tcp->u_arg[1]);
428
+
429
+	case KEYCTL_SET_TIMEOUT:
430
+		return keyctl_set_timeout(tcp, tcp->u_arg[1], tcp->u_arg[2]);
431
+
432
+	case KEYCTL_SESSION_TO_PARENT:
433
+		return 0;
434
+
435
+	case KEYCTL_REJECT:
436
+		return keyctl_reject_key(tcp, tcp->u_arg[1], tcp->u_arg[2],
437
+					 tcp->u_arg[3], tcp->u_arg[4]);
438
+
439
+	case KEYCTL_INSTANTIATE_IOV:
440
+		return keyctl_instantiate_key_iov(tcp, tcp->u_arg[1],
441
+						  tcp->u_arg[2], tcp->u_arg[3],
442
+						  tcp->u_arg[4]);
443
+
444
+	case KEYCTL_GET_PERSISTENT:
445
+		return keyctl_get_persistent(tcp, tcp->u_arg[1], tcp->u_arg[2]);
446
+
447
+	default:
448
+		if (entering(tcp))
449
+			tprintf(", %#lx, %#lx, %#lx, %#lx",
450
+				tcp->u_arg[1], tcp->u_arg[2],
451
+				tcp->u_arg[3], tcp->u_arg[4]);
452
+	}
453
+
454
+	return 0;
455
+}

+ 0
- 3
linux/dummy.h View File

@@ -32,15 +32,12 @@
32 32
 #endif
33 33
 
34 34
 /* still unfinished */
35
-#define	sys_add_key		printargs
36 35
 #define	sys_ioperm		printargs
37 36
 #define	sys_iopl		printargs
38 37
 #define	sys_kcmp		printargs
39
-#define	sys_keyctl		printargs
40 38
 #define	sys_lookup_dcookie	printargs
41 39
 #define	sys_name_to_handle_at	printargs
42 40
 #define	sys_open_by_handle_at	printargs
43
-#define	sys_request_key		printargs
44 41
 #define	sys_sysfs		printargs
45 42
 #define	sys_vm86old		printargs
46 43
 #define	sys_vm86		printargs

+ 61
- 0
linux/keyctl.h View File

@@ -0,0 +1,61 @@
1
+/* keyctl.h: keyctl command IDs
2
+ *
3
+ * Copyright (C) 2004, 2008 Red Hat, Inc. All Rights Reserved.
4
+ * Written by David Howells (dhowells@redhat.com)
5
+ *
6
+ * This program is free software; you can redistribute it and/or
7
+ * modify it under the terms of the GNU General Public License
8
+ * as published by the Free Software Foundation; either version
9
+ * 2 of the License, or (at your option) any later version.
10
+ */
11
+
12
+#ifndef _LINUX_KEYCTL_H
13
+#define _LINUX_KEYCTL_H
14
+
15
+/* special process keyring shortcut IDs */
16
+#define KEY_SPEC_THREAD_KEYRING		-1	/* - key ID for thread-specific keyring */
17
+#define KEY_SPEC_PROCESS_KEYRING	-2	/* - key ID for process-specific keyring */
18
+#define KEY_SPEC_SESSION_KEYRING	-3	/* - key ID for session-specific keyring */
19
+#define KEY_SPEC_USER_KEYRING		-4	/* - key ID for UID-specific keyring */
20
+#define KEY_SPEC_USER_SESSION_KEYRING	-5	/* - key ID for UID-session keyring */
21
+#define KEY_SPEC_GROUP_KEYRING		-6	/* - key ID for GID-specific keyring */
22
+#define KEY_SPEC_REQKEY_AUTH_KEY	-7	/* - key ID for assumed request_key auth key */
23
+#define KEY_SPEC_REQUESTOR_KEYRING	-8	/* - key ID for request_key() dest keyring */
24
+
25
+/* request-key default keyrings */
26
+#define KEY_REQKEY_DEFL_NO_CHANGE		-1
27
+#define KEY_REQKEY_DEFL_DEFAULT			0
28
+#define KEY_REQKEY_DEFL_THREAD_KEYRING		1
29
+#define KEY_REQKEY_DEFL_PROCESS_KEYRING		2
30
+#define KEY_REQKEY_DEFL_SESSION_KEYRING		3
31
+#define KEY_REQKEY_DEFL_USER_KEYRING		4
32
+#define KEY_REQKEY_DEFL_USER_SESSION_KEYRING	5
33
+#define KEY_REQKEY_DEFL_GROUP_KEYRING		6
34
+#define KEY_REQKEY_DEFL_REQUESTOR_KEYRING	7
35
+
36
+/* keyctl commands */
37
+#define KEYCTL_GET_KEYRING_ID		0	/* ask for a keyring's ID */
38
+#define KEYCTL_JOIN_SESSION_KEYRING	1	/* join or start named session keyring */
39
+#define KEYCTL_UPDATE			2	/* update a key */
40
+#define KEYCTL_REVOKE			3	/* revoke a key */
41
+#define KEYCTL_CHOWN			4	/* set ownership of a key */
42
+#define KEYCTL_SETPERM			5	/* set perms on a key */
43
+#define KEYCTL_DESCRIBE			6	/* describe a key */
44
+#define KEYCTL_CLEAR			7	/* clear contents of a keyring */
45
+#define KEYCTL_LINK			8	/* link a key into a keyring */
46
+#define KEYCTL_UNLINK			9	/* unlink a key from a keyring */
47
+#define KEYCTL_SEARCH			10	/* search for a key in a keyring */
48
+#define KEYCTL_READ			11	/* read a key or keyring's contents */
49
+#define KEYCTL_INSTANTIATE		12	/* instantiate a partially constructed key */
50
+#define KEYCTL_NEGATE			13	/* negate a partially constructed key */
51
+#define KEYCTL_SET_REQKEY_KEYRING	14	/* set default request-key keyring */
52
+#define KEYCTL_SET_TIMEOUT		15	/* set key timeout */
53
+#define KEYCTL_ASSUME_AUTHORITY		16	/* assume request_key() authorisation */
54
+#define KEYCTL_GET_SECURITY		17	/* get key security label */
55
+#define KEYCTL_SESSION_TO_PARENT	18	/* apply session keyring to parent process */
56
+#define KEYCTL_REJECT			19	/* reject a partially constructed key */
57
+#define KEYCTL_INSTANTIATE_IOV		20	/* instantiate a partially constructed key */
58
+#define KEYCTL_INVALIDATE		21	/* invalidate a key */
59
+#define KEYCTL_GET_PERSISTENT		22	/* get a user's persistent keyring */
60
+
61
+#endif /*  _LINUX_KEYCTL_H */

+ 3
- 0
linux/syscall.h View File

@@ -33,6 +33,7 @@
33 33
 int sys_accept();
34 34
 int sys_accept4();
35 35
 int sys_access();
36
+int sys_add_key();
36 37
 int sys_adjtimex();
37 38
 int sys_arch_prctl();
38 39
 int sys_bind();
@@ -124,6 +125,7 @@ int sys_ioctl();
124 125
 int sys_ioprio_get();
125 126
 int sys_ioprio_set();
126 127
 int sys_ipc();
128
+int sys_keyctl();
127 129
 int sys_kexec_load();
128 130
 int sys_kill();
129 131
 int sys_link();
@@ -203,6 +205,7 @@ int sys_recvmsg();
203 205
 int sys_remap_file_pages();
204 206
 int sys_removexattr();
205 207
 int sys_renameat();
208
+int sys_request_key();
206 209
 int sys_restart_syscall();
207 210
 int sys_rt_sigaction();
208 211
 int sys_rt_sigpending();

Loading…
Cancel
Save